doc/install/suse/sles9/x86_64/httpd.conf - view

File: [LON-CAPA] / doc / install / suse / sles9 / x86_64 / httpd.conf
Revision 1.3: download - view: text, annotated - select for diffs
Sat Dec 16 16:22:15 2006 UTC (17 years, 7 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_9_X, version_2_9_99_0, version_2_9_1, version_2_9_0, version_2_8_X, version_2_8_99_1, version_2_8_99_0, version_2_8_2, version_2_8_1, version_2_8_0, version_2_7_X, version_2_7_99_1, version_2_7_99_0, version_2_7_1, version_2_7_0, version_2_6_X, version_2_6_99_1, version_2_6_99_0, version_2_6_3, version_2_6_2, version_2_6_1, version_2_6_0, version_2_5_X, version_2_5_99_1, version_2_5_99_0, version_2_5_2, version_2_5_1, version_2_5_0, version_2_4_X, version_2_4_99_0, version_2_4_2, version_2_4_1, version_2_4_0, version_2_3_99_0, version_2_12_X, version_2_11_X, version_2_11_5, version_2_11_4_uiuc, version_2_11_4_msu, version_2_11_4, version_2_11_3_uiuc, version_2_11_3_msu, version_2_11_3, version_2_11_2_uiuc, version_2_11_2_msu, version_2_11_2_educog, version_2_11_2, version_2_11_1, version_2_11_0_RC3, version_2_11_0_RC2, version_2_11_0_RC1, version_2_11_0, version_2_10_X, version_2_10_1, version_2_10_0_RC2, version_2_10_0_RC1, version_2_10_0, loncapaMITrelate_1, language_hyphenation_merge, language_hyphenation, bz6209-base, bz6209, HEAD, GCI_3, GCI_2, GCI_1, BZ4492-merge, BZ4492-feature_horizontal_radioresponse, BZ4492-feature_Support_horizontal_radioresponse, BZ4492-Support_horizontal_radioresponse

Change default e-mail address for admin.

Eliminate some unwanted aliases.

Directive for /home/httpd/cgi-bin provided in loncapa_apache.conf

1: ## 2: ## httpd.conf -- Apache HTTP server configuration file 3: ## 4: 5: # 6: # Based upon the NCSA server configuration files originally by Rob McCool. 7: # 8: # This is the main Apache server configuration file. It contains the 9: # configuration directives that give the server its instructions. 10: # See <URL:http://www.apache.org/docs/> for detailed information about 11: # the directives. 12: # 13: # Do NOT simply read the instructions in here without understanding 14: # what they do. They're here only as hints or reminders. If you are unsure 15: # consult the online docs. You have been warned. 16: # 17: # After this file is processed, the server will look for and process 18: # /etc/httpd/srm.conf and then /etc/httpd/access.conf 19: # unless you have overridden these with ResourceConfig and/or 20: # AccessConfig directives here. 21: # 22: # The configuration directives are grouped into three basic sections: 23: # 1. Directives that control the operation of the Apache server process as a 24: # whole (the 'global environment'). 25: # 2. Directives that define the parameters of the 'main' or 'default' server, 26: # which responds to requests that aren't handled by a virtual host. 27: # These directives also provide default values for the settings 28: # of all virtual hosts. 29: # 3. Settings for virtual hosts, which allow Web requests to be sent to 30: # different IP addresses or hostnames and have them handled by the 31: # same Apache server process. 32: # 33: # Configuration and logfile names: If the filenames you specify for many 34: # of the server's control files begin with "/" (or "drive:/" for Win32), the 35: # server will use that explicit path. If the filenames do *not* begin 36: # with "/", the value of ServerRoot is prepended -- so "logs/foo.log" 37: # with ServerRoot set to "/usr/local/apache" will be interpreted by the 38: # server as "/usr/local/apache/logs/foo.log". 39: # 40: 41: ### Section 1: Global Environment 42: # 43: # The directives in this section affect the overall operation of Apache, 44: # such as the number of concurrent requests it can handle or where it 45: # can find its configuration files. 46: # 47: 48: # 49: # ServerType is either inetd, or standalone. Inetd mode is only supported on 50: # Unix platforms. 51: # 52: ServerType standalone 53: 54: # 55: # ServerRoot: The top of the directory tree under which the server's 56: # configuration, error, and log files are kept. 57: # 58: # NOTE! If you intend to place this on an NFS (or otherwise network) 59: # mounted filesystem then please read the LockFile documentation 60: # (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>); 61: # you will save yourself a lot of trouble. 62: # 63: ServerRoot "/etc/httpd" 64: 65: # 66: # The LockFile directive sets the path to the lockfile used when Apache 67: # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or 68: # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at 69: # its default value. The main reason for changing it is if the logs 70: # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL 71: # DISK. The PID of the main server process is automatically appended to 72: # the filename. 73: # 74: LockFile /var/lock/subsys/httpd/httpd.accept.lock 75: 76: # 77: # PidFile: The file in which the server should record its process 78: # identification number when it starts. 79: # 80: PidFile /var/run/httpd.pid 81: 82: # 83: # ScoreBoardFile: File used to store internal server process information. 84: # Not all architectures require this. But if yours does (you'll know because 85: # this file will be created when you run Apache) then you *must* ensure that 86: # no two invocations of Apache share the same scoreboard file. 87: # 88: ScoreBoardFile /var/run/httpd.scoreboard 89: 90: # 91: # In the standard configuration, the server will process httpd.conf (this 92: # file, specified by the -f command line option), srm.conf, and access.conf 93: # in that order. The latter two files are now distributed empty, as it is 94: # recommended that all directives be kept in a single file for simplicity. 95: # The commented-out values below are the built-in defaults. You can have the 96: # server ignore these files altogether by using "/dev/null" (for Unix) or 97: # "nul" (for Win32) for the arguments to the directives. 98: # 99: #ResourceConfig /etc/httpd/srm.conf 100: #AccessConfig /etc/httpd/access.conf 101: 102: # 103: # Timeout: The number of seconds before receives and sends time out. 104: # 105: Timeout 300 106: 107: # 108: # KeepAlive: Whether or not to allow persistent connections (more than 109: # one request per connection). Set to "Off" to deactivate. 110: # 111: KeepAlive On 112: 113: # 114: # MaxKeepAliveRequests: The maximum number of requests to allow 115: # during a persistent connection. Set to 0 to allow an unlimited amount. 116: # We recommend you leave this number high, for maximum performance. 117: # 118: MaxKeepAliveRequests 100 119: 120: # 121: # KeepAliveTimeout: Number of seconds to wait for the next request from the 122: # same client on the same connection. 123: # 124: KeepAliveTimeout 15 125: 126: # 127: # Server-pool size regulation. Rather than making you guess how many 128: # server processes you need, Apache dynamically adapts to the load it 129: # sees --- that is, it tries to maintain enough server processes to 130: # handle the current load, plus a few spare servers to handle transient 131: # load spikes (e.g., multiple simultaneous requests from a single 132: # Netscape browser). 133: # 134: # It does this by periodically checking how many servers are waiting 135: # for a request. If there are fewer than MinSpareServers, it creates 136: # a new spare. If there are more than MaxSpareServers, some of the 137: # spares die off. The default values are probably OK for most sites. 138: # 139: 140: # Note: these two values are set by SuSEconfig according to the setting of the 141: # HTTPD_PERFORMANCE variable in /etc/sysconfig/apache! 142: MinSpareServers 1 143: MaxSpareServers 1 144: 145: # 146: # Number of servers to start initially --- should be a reasonable ballpark 147: # figure. 148: # 149: 150: # Note: this value is set by SuSEconfig according to the setting of the 151: # HTTPD_PERFORMANCE variable in /etc/sysconfig/apache! 152: StartServers 1 153: 154: # 155: # Limit on total number of servers running, i.e., limit on the number 156: # of clients who can simultaneously connect --- if this limit is ever 157: # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW. 158: # It is intended mainly as a brake to keep a runaway server from taking 159: # the system with it as it spirals down... 160: # 161: 162: # Note: this value is set by SuSEconfig according to the setting of the 163: # HTTPD_PERFORMANCE variable in /etc/sysconfig/apache! 164: MaxClients 150 165: 166: # 167: # MaxRequestsPerChild: the number of requests each child process is 168: # allowed to process before the child dies. The child will exit so 169: # as to avoid problems after prolonged use when Apache (and maybe the 170: # libraries it uses) leak memory or other resources. On most systems, this 171: # isn't really needed, but a few (such as Solaris) do have notable leaks 172: # in the libraries. For these platforms, set to something like 10000 173: # or so; a setting of 0 means unlimited. 174: # 175: # NOTE: This value does not include keepalive requests after the initial 176: # request per connection. For example, if a child process handles 177: # an initial request and 10 subsequent "keptalive" requests, it 178: # would only count as 1 request towards this limit. 179: # 180: MaxRequestsPerChild 0 181: 182: # 183: # Listen: Allows you to bind Apache to specific IP addresses and/or 184: # ports, instead of the default. See also the <VirtualHost> 185: # directive. 186: # 187: #Listen 3000 188: #Listen 12.34.56.78:80 189: 190: # 191: # BindAddress: You can support virtual hosts with this option. This directive 192: # is used to tell the server which IP address to listen to. It can either 193: # contain "*", an IP address, or a fully qualified Internet domain name. 194: # See also the <VirtualHost> and Listen directives. 195: # 196: #BindAddress * 197: 198: # 199: # Dynamic Shared Object (DSO) Support 200: # 201: # To be able to use the functionality of a module which was built as a DSO you 202: # have to place corresponding `LoadModule' lines at this location so the 203: # directives contained in it are actually available _before_ they are used. 204: # Please read the file http://httpd.apache.org/docs/dso.html for more 205: # details about the DSO mechanism and run `httpd -l' for the list of already 206: # built-in (statically linked and thus always available) modules in your httpd 207: # binary. 208: # 209: # Note: The order in which modules are loaded is important. Don't change 210: # the order below without expert advice. 211: 212: # Note: 213: # 214: # The file that is included after the LoadModule statements is generated 215: # by SuSEconfig according to 216: # 217: # 1) which modules (ones not included with apache) are installed 218: # 2) the settings in /etc/sysconfig/apache 219: # 220: # SuSEconfig uses the /etc/httpd/modules/* files that come with each module 221: # to determine the necessary directives. 222: # 223: # Apache no longer needs to be started with '-D <modules>' switches (with 224: # the exception of mod_ssl, which has a lot of conditional statements). 225: 226: # Example: 227: # LoadModule foo_module libexec/mod_foo.so 228: LoadModule mmap_static_module /usr/lib64/apache/mod_mmap_static.so 229: LoadModule vhost_alias_module /usr/lib64/apache/mod_vhost_alias.so 230: LoadModule env_module /usr/lib64/apache/mod_env.so 231: LoadModule define_module /usr/lib64/apache/mod_define.so 232: LoadModule config_log_module /usr/lib64/apache/mod_log_config.so 233: LoadModule agent_log_module /usr/lib64/apache/mod_log_agent.so 234: LoadModule referer_log_module /usr/lib64/apache/mod_log_referer.so 235: LoadModule mime_magic_module /usr/lib64/apache/mod_mime_magic.so 236: LoadModule mime_module /usr/lib64/apache/mod_mime.so 237: LoadModule negotiation_module /usr/lib64/apache/mod_negotiation.so 238: LoadModule status_module /usr/lib64/apache/mod_status.so 239: LoadModule info_module /usr/lib64/apache/mod_info.so 240: LoadModule includes_module /usr/lib64/apache/mod_include.so 241: LoadModule autoindex_module /usr/lib64/apache/mod_autoindex.so 242: LoadModule dir_module /usr/lib64/apache/mod_dir.so 243: LoadModule cgi_module /usr/lib64/apache/mod_cgi.so 244: LoadModule asis_module /usr/lib64/apache/mod_asis.so 245: LoadModule imap_module /usr/lib64/apache/mod_imap.so 246: LoadModule action_module /usr/lib64/apache/mod_actions.so 247: LoadModule speling_module /usr/lib64/apache/mod_speling.so 248: # mod_userdir will be included below by SuSEconfig if HTTPD_SEC_PUBLIC_HTML=yes 249: LoadModule alias_module /usr/lib64/apache/mod_alias.so 250: LoadModule rewrite_module /usr/lib64/apache/mod_rewrite.so 251: LoadModule access_module /usr/lib64/apache/mod_access.so 252: LoadModule auth_module /usr/lib64/apache/mod_auth.so 253: LoadModule anon_auth_module /usr/lib64/apache/mod_auth_anon.so 254: LoadModule dbm_auth_module /usr/lib64/apache/mod_auth_dbm.so 255: LoadModule db_auth_module /usr/lib64/apache/mod_auth_db.so 256: LoadModule digest_module /usr/lib64/apache/mod_digest.so 257: LoadModule proxy_module /usr/lib64/apache/libproxy.so 258: LoadModule cern_meta_module /usr/lib64/apache/mod_cern_meta.so 259: LoadModule expires_module /usr/lib64/apache/mod_expires.so 260: LoadModule headers_module /usr/lib64/apache/mod_headers.so 261: LoadModule usertrack_module /usr/lib64/apache/mod_usertrack.so 262: # LoadModule unique_id_module /usr/lib64/apache/mod_unique_id.so 263: LoadModule setenvif_module /usr/lib64/apache/mod_setenvif.so 264: <IfDefine DUMMYSSL> 265: LoadModule ssl_module /usr/lib64/apache/libssl.so 266: </IfDefine> 267: 268: Include /etc/httpd/suse_loadmodule.conf 269: 270: 271: # Reconstruction of the complete module list from all available modules 272: # (static and shared ones) to achieve correct module execution order. 273: # [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO] 274: ClearModuleList 275: AddModule mod_mmap_static.c 276: AddModule mod_vhost_alias.c 277: AddModule mod_env.c 278: AddModule mod_define.c 279: AddModule mod_log_config.c 280: AddModule mod_log_agent.c 281: AddModule mod_log_referer.c 282: AddModule mod_mime_magic.c 283: AddModule mod_mime.c 284: AddModule mod_negotiation.c 285: AddModule mod_status.c 286: AddModule mod_info.c 287: AddModule mod_include.c 288: AddModule mod_autoindex.c 289: AddModule mod_dir.c 290: AddModule mod_cgi.c 291: AddModule mod_asis.c 292: AddModule mod_imap.c 293: AddModule mod_actions.c 294: AddModule mod_speling.c 295: # mod_userdir will be included below by SuSEconfig if HTTPD_SEC_PUBLIC_HTML=yes 296: AddModule mod_alias.c 297: AddModule mod_rewrite.c 298: AddModule mod_access.c 299: AddModule mod_auth.c 300: AddModule mod_auth_anon.c 301: AddModule mod_auth_dbm.c 302: AddModule mod_auth_db.c 303: AddModule mod_digest.c 304: AddModule mod_proxy.c 305: AddModule mod_cern_meta.c 306: AddModule mod_expires.c 307: AddModule mod_headers.c 308: AddModule mod_usertrack.c 309: # AddModule mod_unique_id.c 310: AddModule mod_so.c 311: AddModule mod_setenvif.c 312: <IfDefine DUMMYSSL> 313: AddModule mod_ssl.c 314: </IfDefine> 315: 316: 317: 318: # Again, the following file is generated by SuSEconfig for modules that actually 319: # have been installed 320: 321: Include /etc/httpd/suse_addmodule.conf 322: 323: 324: # 325: # ExtendedStatus controls whether Apache will generate "full" status 326: # information (ExtendedStatus On) or just basic information (ExtendedStatus 327: # Off) when the "server-status" handler is called. The default is Off. 328: # 329: ExtendedStatus On 330: 331: 332: # 333: # To enable mod_dav, add the following directive to the appropriate 334: # container(s) in the httpd.conf file: 335: # 336: <IfModule mod_dav.c> 337: DavLockDB /var/lib/httpd/DAVLock 338: </IfModule> 339: 340: 341: 342: ### Section 2: 'Main' server configuration 343: # 344: # The directives in this section set up the values used by the 'main' 345: # server, which responds to any requests that aren't handled by a 346: # <VirtualHost> definition. These values also provide defaults for 347: # any <VirtualHost> containers you may define later in the file. 348: # 349: # All of these directives may appear inside <VirtualHost> containers, 350: # in which case these default settings will be overridden for the 351: # virtual host being defined. 352: # 353: 354: # 355: # If your ServerType directive (set earlier in the 'Global Environment' 356: # section) is set to "inetd", the next few directives don't have any 357: # effect since their settings are defined by the inetd configuration. 358: # Skip ahead to the ServerAdmin directive. 359: # 360: 361: # 362: # Port: The port to which the standalone server listens. For 363: # ports < 1023, you will need httpd to be run as root initially. 364: # 365: Port 80 366: 367: ## 368: ## SSL Support 369: ## 370: ## When we also provide SSL we have to listen to the 371: ## standard HTTP port (see above) and to the HTTPS port 372: ## 373: <IfDefine SSL> 374: Listen 80 375: Listen 443 376: </IfDefine> 377: 378: # 379: # If you wish httpd to run as a different user or group, you must run 380: # httpd as root initially and it will switch. 381: # 382: # User/Group: The name (or #number) of the user/group to run httpd as. 383: # . On SCO (ODT 3) use "User nouser" and "Group nogroup". 384: # . On HPUX you may not be able to use shared memory as nobody, and the 385: # suggested workaround is to create a user www and use that user. 386: # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) 387: # when the value of (unsigned)Group is above 60000; 388: # don't use Group "#-1" on these systems! 389: # 390: User www 391: Group www 392: 393: # 394: # ServerAdmin: Your address, where problems with the server should be 395: # e-mailed. This address appears on some server-generated pages, such 396: # as error documents. 397: # 398: 399: # Note: this email address is set by SuSEconfig according to the setting of the 400: # HTTPD_SEC_SERVERADMIN variable in /etc/sysconfig/apache! 401: ServerAdmin root@localhost 402: 403: # 404: # ServerName allows you to set a host name which is sent back to clients for 405: # your server if it's different than the one the program would get (i.e., use 406: # "www" instead of the host's real name). 407: # 408: # Note: You cannot just invent host names and hope they work. The name you 409: # define here must be a valid DNS name for your host. If you don't understand 410: # this, ask your network administrator. 411: # If your host doesn't have a registered DNS name, enter its IP address here. 412: # You will have to access it by its address (e.g., http://123.45.67.89/) 413: # anyway, and this will make redirections work in a sensible way. 414: # 415: # 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your 416: # machine always knows itself by this address. If you use Apache strictly for 417: # local testing and development, you may use 127.0.0.1 as the server name. 418: # 419: 420: # Note: the host name is set by SuSEconfig according to the setting of the 421: # FQHOSTNAME variable in /etc/sysconfig/network/config! 422: 423: # 424: # DocumentRoot: The directory out of which you will serve your 425: # documents. By default, all requests are taken from this directory, but 426: # symbolic links and aliases may be used to point to other locations. 427: # 428: DocumentRoot "/home/httpd/html" 429: 430: # 431: # Each directory to which Apache has access, can be configured with respect 432: # to which services and features are allowed and/or disabled in that 433: # directory (and its subdirectories). 434: # 435: # First, we configure the "default" to be a very restrictive set of 436: # permissions. 437: # 438: <Directory /> 439: AuthUserFile /etc/httpd/passwd 440: AuthGroupFile /etc/httpd/group 441: 442: Options -FollowSymLinks +Multiviews 443: AllowOverride None 444: 445: </Directory> 446: 447: 448: # 449: # Note that from this point forward you must specifically allow 450: # particular features to be enabled - so if something's not working as 451: # you might expect, make sure that you have specifically enabled it 452: # below. 453: # 454: 455: # 456: # This should be changed to whatever you set DocumentRoot to. 457: # 458: <Directory "/srv/www/htdocs"> 459: 460: # 461: # This may also be "None", "All", or any combination of "Indexes", 462: # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". 463: # 464: # Note that "MultiViews" must be named *explicitly* --- "Options All" 465: # doesn't give it to you. 466: # 467: Options Indexes -FollowSymLinks +Includes MultiViews 468: 469: # 470: # This controls which options the .htaccess files in directories can 471: # override. Can also be "All", or any combination of "Options", "FileInfo", 472: # "AuthConfig", and "Limit" 473: # 474: AllowOverride None 475: 476: # 477: # Controls who can get stuff from this server. 478: # 479: Order allow,deny 480: Allow from all 481: 482: 483: # 484: # disable WebDAV by default for security reasons. 485: # 486: <IfModule mod_dav.c> 487: DAV Off 488: </IfModule> 489: 490: # 491: # Protect the php3 test page, so it cannot be viewed from an outside system. 492: # 493: <Files test.php3> 494: Order deny,allow 495: deny from all 496: allow from localhost 497: </Files> 498: 499: </Directory> 500: 501: # 502: # UserDir: The name of the directory which is appended onto a user's home 503: # directory if a ~user request is received. 504: 505: # Note: 506: # The next three lines are commented out here. These directives and the access 507: # control section have been put into /etc/httpd/suse_public_html.conf. 508: # If the variable HTTPD_SEC_PUBLIC_HTML in /etc/sysconfig/apache 509: # is set to "yes" (default), SuSEconfig will include that file via 510: # /etc/httpd/suse_include.conf. 511: # Also note that for the /home/*/public_html directories to be browsable the 512: # executable flag must be set on the /home/* directories. 513: 514: # 515: # <IfModule mod_userdir.c> 516: # UserDir public_html 517: # </IfModule> 518: 519: # 520: # Control access to UserDir directories. The following is an example 521: # for a site where these directories are restricted to read-only. 522: # 523: #<Directory /home/*/public_html> 524: # AllowOverride FileInfo AuthConfig Limit 525: # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec 526: # <Limit GET POST OPTIONS PROPFIND> 527: # Order allow,deny 528: # Allow from all 529: # </Limit> 530: # <LimitExcept GET POST OPTIONS PROPFIND> 531: # Order deny,allow 532: # Deny from all 533: # </LimitExcept> 534: #</Directory> 535: 536: # 537: # DirectoryIndex: Name of the file or files to use as a pre-written HTML 538: # directory index. Separate multiple entries with spaces. 539: # 540: <IfModule mod_dir.c> 541: DirectoryIndex index.html 542: </IfModule> 543: 544: # 545: # AccessFileName: The name of the file to look for in each directory 546: # for access control information. 547: # 548: AccessFileName .htaccess 549: 550: # 551: # The following lines prevent .htaccess files from being viewed by 552: # Web clients. Since .htaccess files often contain authorization 553: # information, access is disallowed for security reasons. Comment 554: # these lines out if you want Web visitors to see the contents of 555: # .htaccess files. If you change the AccessFileName directive above, 556: # be sure to make the corresponding changes here. 557: # 558: # Also, folks tend to use names such as .htpasswd for password 559: # files, so this will protect those as well. 560: # 561: <Files ~ "^\.ht"> 562: Order allow,deny 563: Deny from all 564: Satisfy All 565: </Files> 566: 567: # 568: # CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each 569: # document that was negotiated on the basis of content. This asks proxy 570: # servers not to cache the document. Uncommenting the following line disables 571: # this behavior, and proxies will be allowed to cache the documents. 572: # 573: #CacheNegotiatedDocs 574: 575: # 576: # UseCanonicalName: (new for 1.3) With this setting turned on, whenever 577: # Apache needs to construct a self-referencing URL (a URL that refers back 578: # to the server the response is coming from) it will use ServerName and 579: # Port to form a "canonical" name. With this setting off, Apache will 580: # use the hostname:port that the client supplied, when possible. This 581: # also affects SERVER_NAME and SERVER_PORT in CGI scripts. 582: # 583: UseCanonicalName On 584: 585: # 586: # TypesConfig describes where the mime.types file (or equivalent) is 587: # to be found. 588: # 589: <IfModule mod_mime.c> 590: TypesConfig /etc/httpd/mime.types 591: </IfModule> 592: 593: # 594: # DefaultType is the default MIME type the server will use for a document 595: # if it cannot otherwise determine one, such as from filename extensions. 596: # If your server contains mostly text or HTML documents, "text/plain" is 597: # a good value. If most of your content is binary, such as applications 598: # or images, you may want to use "application/octet-stream" instead to 599: # keep browsers from trying to display binary files as though they are 600: # text. 601: # 602: DefaultType text/plain 603: 604: # 605: # The mod_mime_magic module allows the server to use various hints from the 606: # contents of the file itself to determine its type. The MIMEMagicFile 607: # directive tells the module where the hint definitions are located. 608: # mod_mime_magic is not part of the default server (you have to add 609: # it yourself with a LoadModule [see the DSO paragraph in the 'Global 610: # Environment' section], or recompile the server and include mod_mime_magic 611: # as part of the configuration), so it's enclosed in an <IfModule> container. 612: # This means that the MIMEMagicFile directive will only be processed if the 613: # module is part of the server. 614: # 615: <IfModule mod_mime_magic.c> 616: MIMEMagicFile /etc/httpd/magic 617: </IfModule> 618: 619: # 620: # HostnameLookups: Log the names of clients or just their IP addresses 621: # e.g., www.apache.org (on) or 204.62.129.132 (off). 622: # The default is off because it'd be overall better for the net if people 623: # had to knowingly turn this feature on, since enabling it means that 624: # each client request will result in AT LEAST one lookup request to the 625: # nameserver. 626: # 627: HostnameLookups Off 628: 629: 630: # The following are the directives necessary to get mod_backhand operational. 631: # You will need to add Backhand directives to any directories that you wish 632: # to balance.. For example, you could put the following inside a 633: # ScriptAliased /cgi-cpu/ directory (for scripts that are cpu hogs) 634: 635: # <Directory ...> 636: # ... stuff ... 637: # Backhand byAge 638: # Backhand byRandom 639: # Backhand byLogWindow 640: # Backhand byCPU 641: # ... stuff ... 642: # </Directory> 643: 644: # This will eliminate servers you haven't heard from for a while 645: # Then randomize those remaining 646: # Then take the first log(n) (log base 2 of course) 647: # Then use the one with the highest CPU idle time 648: 649: <IfModule mod_backhand.c> 650: # UnixSocketDir is were the mod_backhand-Arriba file is stored 651: # (how fast your machine is). This directory must be readable and writable 652: # by euid of apache (wwwrun) because the children have dropped privileges 653: # before they connect to a UNIX domain socket in this directory. 654: # This directive is singular. 655: # 656: # MulticastStats of the form [<IP ADDR>] <BROADCAST ADDR>:<PORT> will set 657: # mod_backhand to broadcast server statistics on that address advertising 658: # for a server on <IP ADDR> or gethostbyname(gethostname()) 659: # MulticastStats of the form [<IP ADDR>] <MULTICAST ADDR>:<PORT>,<ttl> will 660: # set mod_backhand to multicast server statistics on that address 661: # advertising for a server on <IP ADDR> or gethostbyname(gethostname()) 662: # This directive is singular. 663: # 664: # AcceptStats <a.b.c.d>[/<mask>] (like 10.0.0.4 or 10.0.0.0/24) will accept 665: # statistics originating from that IP or IP network. 666: # This option can be cascaded. 667: 668: UnixSocketDir /var/lib/backhand 669: # MulticastStats 128.220.221.255:4445 670: # MulticastStats 225.220.221.20:4445,1 671: # AcceptStats 128.220.221.0/24 672: 673: # Note that you _must_ configure the MulticastStats/AcceptStats directives, 674: # otherwise apache will segfault! 675: 676: # This is a status of sorts. Visit it and see how valuable it is to you. 677: <Location "/backhand/"> 678: SetHandler backhand-handler 679: </Location> 680: </IfModule> 681: 682: 683: # 684: # working directory of mod_bandwidth 685: # 686: <IfModule mod_bandwidth.c> 687: BandWidthDataDir /var/lib/httpd/mod_bandwidth 688: </IfModule> 689: 690: 691: # 692: # ErrorLog: The location of the error log file. 693: # If you do not specify an ErrorLog directive within a <VirtualHost> 694: # container, error messages relating to that virtual host will be 695: # logged here. If you *do* define an error logfile for a <VirtualHost> 696: # container, that host's errors will be logged there and not here. 697: # 698: ErrorLog /var/log/httpd/error_log 699: 700: # 701: # LogLevel: Control the number of messages logged to the error_log. 702: # Possible values include: debug, info, notice, warn, error, crit, 703: # alert, emerg. 704: # 705: LogLevel warn 706: 707: # 708: # The following directives define some format nicknames for use with 709: # a CustomLog directive (see below). 710: # 711: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 712: LogFormat "%h %l %u %t \"%r\" %>s %b" common 713: LogFormat "%{Referer}i -> %U" referer 714: LogFormat "%{User-agent}i" agent 715: 716: # 717: # The location and format of the access logfile (Common Logfile Format). 718: # If you do not define any access logfiles within a <VirtualHost> 719: # container, they will be logged here. Contrariwise, if you *do* 720: # define per-<VirtualHost> access logfiles, transactions will be 721: # logged therein and *not* in this file. 722: # 723: CustomLog /var/log/httpd/access_log common 724: 725: # 726: # If you would like to have agent and referer logfiles, uncomment the 727: # following directives. 728: # 729: #CustomLog /var/log/httpd/referer_log referer 730: #CustomLog /var/log/httpd/agent_log agent 731: 732: # 733: # If you prefer a single logfile with access, agent, and referer information 734: # (Combined Logfile Format) you can use the following directive. 735: # 736: #CustomLog /var/log/httpd/access_log combined 737: 738: # 739: # Optionally add a line containing the server version and virtual host 740: # name to server-generated pages (error documents, FTP directory listings, 741: # mod_status and mod_info output etc., but not CGI generated documents). 742: # Set to "EMail" to also include a mailto: link to the ServerAdmin. 743: # Set to one of: On | Off | EMail 744: # 745: 746: # Note: this is set by SuSEconfig according to the setting of the 747: # HTTPD_SEC_SAY_FULLNAME variable in /etc/sysconfig/apache! 748: ServerSignature Off 749: 750: 751: # EBCDIC configuration: 752: # (only for mainframes using the EBCDIC codeset, currently one of: 753: # Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!! 754: # The following default configuration assumes that "text files" 755: # are stored in EBCDIC (so that you can operate on them using the 756: # normal POSIX tools like grep and sort) while "binary files" are 757: # stored with identical octets as on an ASCII machine. 758: # 759: # The directives are evaluated in configuration file order, with 760: # the EBCDICConvert directives applied before EBCDICConvertByType. 761: # 762: # If you want to have ASCII HTML documents and EBCDIC HTML documents 763: # at the same time, you can use the file extension to force 764: # conversion off for the ASCII documents: 765: # > AddType text/html .ahtml 766: # > EBCDICConvert Off=InOut .ahtml 767: # 768: # EBCDICConvertByType On=InOut text/* message/* multipart/* 769: # EBCDICConvertByType On=In application/x-www-form-urlencoded 770: # EBCDICConvertByType On=InOut application/postscript model/vrml 771: # EBCDICConvertByType Off=InOut */* 772: 773: 774: # 775: # Aliases: Add here as many aliases as you need (with no limit). The format is 776: # Alias fakename realname 777: # 778: <IfModule mod_alias.c> 779: 780: # 781: # Note that if you include a trailing / on fakename then the server will 782: # require it to be present in the URL. So "/icons" isn't aliased in this 783: # example, only "/icons/". If the fakename is slash-terminated, then the 784: # realname must also be slash terminated, and if the fakename omits the 785: # trailing slash, the realname must also omit it. 786: # 787: Alias /icons/ "/srv/www/icons/" 788: 789: <Directory "/srv/www/icons"> 790: Options Indexes MultiViews 791: AllowOverride None 792: Order allow,deny 793: Allow from all 794: </Directory> 795: 796: # This Alias will project the on-line documentation tree under /manual/ 797: # even if you change the DocumentRoot. Comment it if you don't want to 798: # provide access to the on-line documentation. 799: # 800: Alias /manual/ "/srv/www/htdocs/manual/" 801: 802: <Directory "/srv/www/htdocs/manual"> 803: Options Indexes FollowSymlinks MultiViews 804: AllowOverride None 805: Order allow,deny 806: Allow from all 807: </Directory> 808: 809: # 810: # ScriptAlias: This controls which directories contain server scripts. 811: # ScriptAliases are essentially the same as Aliases, except that 812: # documents in the realname directory are treated as applications and 813: # run by the server when requested rather than as documents sent to the client. 814: # The same rules about trailing "/" apply to ScriptAlias directives as to 815: # Alias. 816: # 817: # ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/" 818: 819: <IfModule mod_perl.c> 820: # Provide two aliases to the same cgi-bin directory, 821: # to see the effects of the 2 different mod_perl modes. 822: # for Apache::Registry Mode 823: # ScriptAlias /perl/ "/srv/www/cgi-bin/" 824: # for Apache::Perlrun Mode 825: # ScriptAlias /cgi-perl/ "/srv/www/cgi-bin/" 826: </IfModule> 827: # 828: # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased 829: # CGI directory exists, if you have that configured. 830: # 831: # <Directory "/srv/www/cgi-bin"> 832: # AllowOverride None 833: # Options None 834: # Order allow,deny 835: # Allow from all 836: # </Directory> 837: 838: </IfModule> 839: # End of aliases. 840: 841: 842: # 843: # set /cgi-bin for CGI execution 844: # 845: #<Location /cgi-bin> 846: #AllowOverride None 847: #Options +ExecCGI -Includes 848: #SetHandler cgi-script 849: #</Location> 850: 851: # 852: # If mod_perl is activated, load configuration information 853: # 854: <IfModule mod_perl.c> 855: #Perlrequire /usr/include/apache/modules/perl/startup.perl 856: PerlModule Apache::Registry 857: 858: # 859: # set Apache::Registry Mode for /perl Alias 860: # 861: #<Location /perl> 862: #SetHandler perl-script 863: #PerlHandler Apache::Registry 864: #Options ExecCGI 865: #PerlSendHeader On 866: #</Location> 867: 868: # 869: # set Apache::PerlRun Mode for /cgi-perl Alias 870: # 871: #<Location /cgi-perl> 872: #SetHandler perl-script 873: #PerlHandler Apache::PerlRun 874: #Options ExecCGI 875: #PerlSendHeader On 876: #</Location> 877: 878: </IfModule> 879: 880: 881: 882: # 883: # Redirect allows you to tell clients about documents which used to exist in 884: # your server's namespace, but do not anymore. This allows you to tell the 885: # clients where to look for the relocated document. 886: # Format: Redirect old-URI new-URL 887: # 888: 889: # 890: # Directives controlling the display of server-generated directory listings. 891: # 892: <IfModule mod_autoindex.c> 893: 894: # 895: # FancyIndexing is whether you want fancy directory indexing or standard 896: # 897: IndexOptions FancyIndexing 898: 899: # 900: # AddIcon* directives tell the server which icon to show for different 901: # files or filename extensions. These are only displayed for 902: # FancyIndexed directories. 903: # 904: AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip 905: 906: AddIconByType (TXT,/icons/text.gif) text/* 907: AddIconByType (IMG,/icons/image2.gif) image/* 908: AddIconByType (SND,/icons/sound2.gif) audio/* 909: AddIconByType (VID,/icons/movie.gif) video/* 910: 911: AddIcon /icons/binary.gif .bin .exe 912: AddIcon /icons/binhex.gif .hqx 913: AddIcon /icons/tar.gif .tar 914: AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv 915: AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip 916: AddIcon /icons/a.gif .ps .ai .eps 917: AddIcon /icons/layout.gif .html .shtml .htm .pdf 918: AddIcon /icons/text.gif .txt 919: AddIcon /icons/c.gif .c 920: AddIcon /icons/p.gif .pl .py 921: AddIcon /icons/f.gif .for 922: AddIcon /icons/dvi.gif .dvi 923: AddIcon /icons/uuencoded.gif .uu 924: AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl 925: AddIcon /icons/tex.gif .tex 926: AddIcon /icons/bomb.gif core 927: 928: AddIcon /icons/back.gif .. 929: AddIcon /icons/hand.right.gif README 930: AddIcon /icons/folder.gif ^^DIRECTORY^^ 931: AddIcon /icons/blank.gif ^^BLANKICON^^ 932: 933: # 934: # DefaultIcon is which icon to show for files which do not have an icon 935: # explicitly set. 936: # 937: DefaultIcon /icons/unknown.gif 938: 939: # 940: # AddDescription allows you to place a short description after a file in 941: # server-generated indexes. These are only displayed for FancyIndexed 942: # directories. 943: # Format: AddDescription "description" filename 944: # 945: AddDescription "GZIP compressed document" .gz 946: AddDescription "tar archive" .tar 947: AddDescription "GZIP compressed tar archive" .tgz 948: 949: # 950: # ReadmeName is the name of the README file the server will look for by 951: # default, and append to directory listings. 952: # 953: # HeaderName is the name of a file which should be prepended to 954: # directory indexes. 955: # 956: ReadmeName README 957: HeaderName HEADER 958: 959: # 960: # IndexIgnore is a set of filenames which directory indexing should ignore 961: # and not include in the listing. Shell-style wildcarding is permitted. 962: # 963: IndexIgnore .??* *~ *# RCS CVS *,v *,t 964: 965: </IfModule> 966: # End of indexing directives. 967: 968: # 969: # Document types. 970: # 971: <IfModule mod_mime.c> 972: 973: # 974: # AddLanguage allows you to specify the language of a document. You can 975: # then use content negotiation to give a browser a file in a language 976: # it can understand. 977: # 978: # Note 1: The suffix does not have to be the same as the language 979: # keyword --- those with documents in Polish (whose net-standard 980: # language code is pl) may wish to use "AddLanguage pl .po" to 981: # avoid the ambiguity with the common suffix for perl scripts. 982: # 983: # Note 2: The example entries below illustrate that in quite 984: # some cases the two character 'Language' abbreviation is not 985: # identical to the two character 'Country' code for its country, 986: # E.g. 'Danmark/dk' versus 'Danish/da'. 987: # 988: # Note 3: In the case of 'ltz' we violate the RFC by using a three char 989: # specifier. But there is 'work in progress' to fix this and get 990: # the reference data for rfc1766 cleaned up. 991: # 992: # Danish (da) - Dutch (nl) - English (en) - Estonian (ee) 993: # French (fr) - German (de) - Greek-Modern (el) 994: # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn) 995: # Portugese (pt) - Luxembourgeois* (ltz) 996: # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cs) 997: # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja) 998: # Russian (ru) 999: # 1000: AddLanguage da .dk 1001: AddLanguage nl .nl 1002: AddLanguage en .en 1003: AddLanguage et .ee 1004: AddLanguage fr .fr 1005: AddLanguage de .de 1006: AddLanguage el .el 1007: AddLanguage he .he 1008: AddCharset ISO-8859-8 .iso8859-8 1009: AddLanguage it .it 1010: AddLanguage ja .ja 1011: AddCharset ISO-2022-JP .jis 1012: AddLanguage kr .kr 1013: AddCharset ISO-2022-KR .iso-kr 1014: AddLanguage nn .nn 1015: AddLanguage no .no 1016: AddLanguage pl .po 1017: AddCharset ISO-8859-2 .iso-pl 1018: AddLanguage pt .pt 1019: AddLanguage pt-br .pt-br 1020: AddLanguage ltz .lu 1021: AddLanguage ca .ca 1022: AddLanguage es .es 1023: AddLanguage sv .sv 1024: AddLanguage cs .cz .cs 1025: AddLanguage ru .ru 1026: AddLanguage zh-TW .zh-tw 1027: AddCharset Big5 .Big5 .big5 1028: AddCharset WINDOWS-1251 .cp-1251 1029: AddCharset CP866 .cp866 1030: AddCharset ISO-8859-5 .iso-ru 1031: AddCharset KOI8-R .koi8-r 1032: AddCharset UCS-2 .ucs2 1033: AddCharset UCS-4 .ucs4 1034: AddCharset UTF-8 .utf8 1035: 1036: # LanguagePriority allows you to give precedence to some languages 1037: # in case of a tie during content negotiation. 1038: # 1039: # Just list the languages in decreasing order of preference. We have 1040: # more or less alphabetized them here. You probably want to change this. 1041: # 1042: <IfModule mod_negotiation.c> 1043: LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw 1044: </IfModule> 1045: 1046: # 1047: # AddType allows you to tweak mime.types without actually editing it, or to 1048: # make certain files to be certain types. 1049: # 1050: AddType application/x-tar .tgz 1051: 1052: # 1053: # AddEncoding allows you to have certain browsers uncompress 1054: # information on the fly. Note: Not all browsers support this. 1055: # Despite the name similarity, the following Add* directives have nothing 1056: # to do with the FancyIndexing customization directives above. 1057: # 1058: AddEncoding x-compress .Z 1059: AddEncoding x-gzip .gz .tgz 1060: # 1061: # If the AddEncoding directives above are commented-out, then you 1062: # probably should define those extensions to indicate media types: 1063: # 1064: #AddType application/x-compress .Z 1065: #AddType application/x-gzip .gz .tgz 1066: 1067: # Some more types: 1068: 1069: # 1070: # PHP 3.x: 1071: # 1072: <IfModule mod_php3.c> 1073: AddType application/x-httpd-php3 .php3 1074: AddType application/x-httpd-php3-source .phps 1075: AddType application/x-httpd-php3 .phtml 1076: </IfModule> 1077: 1078: # 1079: # PHP 4.x: 1080: # 1081: <IfModule mod_php4.c> 1082: AddType application/x-httpd-php .php 1083: AddType application/x-httpd-php .php4 1084: AddType application/x-httpd-php-source .phps 1085: </IfModule> 1086: 1087: # 1088: # mod_dtcl can execute tcl scripts 1089: # 1090: <IfModule mod_dtcl.c> 1091: AddType application/x-httpd-tcl .ttml 1092: AddType application/x-dtcl-tcl .tcl 1093: </IfModule> 1094: 1095: AddType text/vnd.wap.wml wml 1096: AddType text/vnd.wap.wmlscript wmls 1097: AddType application/vnd.wap.wmlc wmlc 1098: AddType application/vnd.wap.wmlscriptc wmlsc 1099: Addtype image/vnd.wap.wbmp wbmp 1100: # 1101: # AddHandler allows you to map certain file extensions to "handlers", 1102: # actions unrelated to filetype. These can be either built into the server 1103: # or added with the Action command (see below) 1104: # 1105: # If you want to use server side includes, or CGI outside 1106: # ScriptAliased directories, uncomment the following lines. 1107: # 1108: # To use CGI scripts: 1109: # 1110: AddHandler cgi-script .cgi 1111: 1112: # 1113: # To use server-parsed HTML files 1114: # 1115: AddType text/html .shtml 1116: AddHandler server-parsed .shtml 1117: 1118: # 1119: # Uncomment the following line to enable Apache's send-asis HTTP file 1120: # feature 1121: # 1122: #AddHandler send-as-is asis 1123: 1124: # 1125: # If you wish to use server-parsed imagemap files, use 1126: # 1127: #AddHandler imap-file map 1128: 1129: # 1130: # To enable type maps, you might want to use 1131: # 1132: #AddHandler type-map var 1133: 1134: </IfModule> 1135: # End of document types. 1136: 1137: # 1138: # Action lets you define media types that will execute a script whenever 1139: # a matching file is called. This eliminates the need for repeated URL 1140: # pathnames for oft-used CGI file processors. 1141: # Format: Action media/type /cgi-script/location 1142: # Format: Action handler-name /cgi-script/location 1143: # 1144: 1145: # 1146: # MetaDir: specifies the name of the directory in which Apache can find 1147: # meta information files. These files contain additional HTTP headers 1148: # to include when sending the document 1149: # 1150: #MetaDir .web 1151: 1152: # 1153: # MetaSuffix: specifies the file name suffix for the file containing the 1154: # meta information. 1155: # 1156: #MetaSuffix .meta 1157: 1158: # 1159: # Customizable error response (Apache style) 1160: # these come in three flavors 1161: # 1162: # 1) plain text 1163: #ErrorDocument 500 "The server made a boo boo. 1164: # n.b. the single leading (") marks it as text, it does not get output 1165: # 1166: # 2) local redirects 1167: #ErrorDocument 404 /missing.html 1168: # to redirect to local URL /missing.html 1169: #ErrorDocument 404 /cgi-bin/missing_handler.pl 1170: # N.B.: You can redirect to a script or a document using server-side-includes. 1171: # 1172: # 3) external redirects 1173: #ErrorDocument 402 http://some.other-server.com/subscription_info.html 1174: # N.B.: Many of the environment variables associated with the original 1175: # request will *not* be available to such a script. 1176: 1177: # 1178: # Customize behaviour based on the browser 1179: # 1180: <IfModule mod_setenvif.c> 1181: 1182: # 1183: # The following directives modify normal HTTP response behavior. 1184: # The first directive disables keepalive for Netscape 2.x and browsers that 1185: # spoof it. There are known problems with these browser implementations. 1186: # The second directive is for Microsoft Internet Explorer 4.0b2 1187: # which has a broken HTTP/1.1 implementation and does not properly 1188: # support keepalive when it is used on 301 or 302 (redirect) responses. 1189: # 1190: BrowserMatch "Mozilla/2" nokeepalive 1191: BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 1192: 1193: # 1194: # The following directive disables HTTP/1.1 responses to browsers which 1195: # are in violation of the HTTP/1.0 spec by not being able to grok a 1196: # basic 1.1 response. 1197: # 1198: BrowserMatch "RealPlayer 4\.0" force-response-1.0 1199: BrowserMatch "Java/1\.0" force-response-1.0 1200: BrowserMatch "JDK/1\.0" force-response-1.0 1201: 1202: </IfModule> 1203: # End of browser customization directives 1204: 1205: # 1206: # Allow server status reports, with the URL of http://servername/server-status 1207: # Change the ".your-domain.com" to match your domain to enable. 1208: # 1209: # Note: apache is started (by /etc/init.d/apache) with -D STATUS if 1210: # HTTPD_SEC_ACCESS_SERVERINFO is set to "yes" in 1211: # /etc/sysconfig/apache. 1212: 1213: <IfDefine STATUS> 1214: <Location /server-status> 1215: SetHandler server-status 1216: Order deny,allow 1217: Deny from all 1218: Allow from localhost 1219: </Location> 1220: 1221: # 1222: # Allow remote server configuration reports, with the URL of 1223: # http://servername/server-info (requires that mod_info.c be loaded). 1224: # Change the ".your-domain.com" to match your domain to enable. 1225: # 1226: <Location /server-info> 1227: SetHandler server-info 1228: Order deny,allow 1229: Deny from all 1230: Allow from localhost 1231: </Location> 1232: 1233: # 1234: # enable perl-status for mod_perl 1235: # 1236: <IfModule mod_perl.c> 1237: <Location /perl-status> 1238: SetHandler perl-script 1239: PerlHandler Apache::Status 1240: order deny,allow 1241: deny from all 1242: allow from localhost 1243: </Location> 1244: </IfModule> 1245: </IfDefine> 1246: 1247: 1248: # 1249: # There have been reports of people trying to abuse an old bug from pre-1.1 1250: # days. This bug involved a CGI script distributed as a part of Apache. 1251: # By uncommenting these lines you can redirect these attacks to a logging 1252: # script on phf.apache.org. Or, you can record them yourself, using the script 1253: # support/phf_abuse_log.cgi. 1254: # 1255: #<Location /cgi-bin/phf*> 1256: # Deny from all 1257: # ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi 1258: #</Location> 1259: 1260: # 1261: # Proxy Server directives. Uncomment the following lines to 1262: # enable the proxy server: 1263: # 1264: #<IfModule mod_proxy.c> 1265: # ProxyRequests On 1266: 1267: # <Directory proxy:*> 1268: # Order deny,allow 1269: # Deny from all 1270: # Allow from .your-domain.com 1271: # </Directory> 1272: 1273: # 1274: # Enable/disable the handling of HTTP/1.1 "Via:" headers. 1275: # ("Full" adds the server version; "Block" removes all outgoing Via: headers) 1276: # Set to one of: Off | On | Full | Block 1277: # 1278: # ProxyVia On 1279: 1280: # 1281: # To enable the cache as well, edit and uncomment the following lines: 1282: # (no cacheing without CacheRoot) 1283: # 1284: # CacheRoot "/var/cache/httpd" 1285: # CacheSize 5 1286: # CacheGcInterval 4 1287: # CacheMaxExpire 24 1288: # CacheLastModifiedFactor 0.1 1289: # CacheDefaultExpire 1 1290: # NoCache a-domain.com another-domain.edu joes.garage-sale.com 1291: 1292: #</IfModule> 1293: # End of proxy directives. 1294: 1295: ### Section 3: Virtual Hosts 1296: # 1297: # VirtualHost: If you want to maintain multiple domains/hostnames on your 1298: # machine you can setup VirtualHost containers for them. Most configurations 1299: # use only name-based virtual hosts so the server doesn't need to worry about 1300: # IP addresses. This is indicated by the asterisks in the directives below. 1301: # 1302: # Please see the documentation at <URL:http://www.apache.org/docs/vhosts/> 1303: # for further details before you try to setup virtual hosts. 1304: # 1305: # You may use the command line option '-S' to verify your virtual host 1306: # configuration. 1307: 1308: # 1309: # Use name-based virtual hosting. 1310: # 1311: #NameVirtualHost *:80 1312: 1313: # 1314: # VirtualHost example: 1315: # Almost any Apache directive may go into a VirtualHost container. 1316: # The first VirtualHost section is used for requests without a known 1317: # server name. 1318: # 1319: #<VirtualHost *:80> 1320: # ServerAdmin webmaster@dummy-host.example.com 1321: # DocumentRoot /www/docs/dummy-host.example.com 1322: # ServerName dummy-host.example.com 1323: # ErrorLog logs/dummy-host.example.com-error_log 1324: # CustomLog logs/dummy-host.example.com-access_log common 1325: #</VirtualHost> 1326: 1327: #<VirtualHost _default_:*> 1328: #</VirtualHost> 1329: 1330: ## 1331: ## SSL Global Context 1332: ## 1333: ## All SSL configuration in this context applies both to 1334: ## the main server and all SSL-enabled virtual hosts. 1335: ## 1336: 1337: # 1338: # Some MIME-types for downloading Certificates and CRLs 1339: # 1340: <IfDefine SSL> 1341: AddType application/x-x509-ca-cert .crt 1342: AddType application/x-pkcs7-crl .crl 1343: </IfDefine> 1344: 1345: <IfModule mod_ssl.c> 1346: 1347: # Pass Phrase Dialog: 1348: # Configure the pass phrase gathering process. 1349: # The filtering dialog program (`builtin' is a internal 1350: # terminal dialog) has to provide the pass phrase on stdout. 1351: SSLPassPhraseDialog builtin 1352: 1353: # Inter-Process Session Cache: 1354: # Configure the SSL Session Cache: First the mechanism 1355: # to use and second the expiring timeout (in seconds, default=300). 1356: # shm means the same as shmht. 1357: # Note that on most platforms shared memory segments are not allowed to be on 1358: # network-mounted drives, so in that case you need to use the dbm method. 1359: #SSLSessionCache none 1360: #SSLSessionCache shmht:/var/run/ssl_scache(512000) 1361: #SSLSessionCache shmcb:/var/run/ssl_scache(512000) 1362: #SSLSessionCache dbm:/var/run/ssl_scache 1363: SSLSessionCache shmcb:/var/lib/httpd/ssl_scache 1364: SSLSessionCacheTimeout 600 1365: 1366: # Semaphore: 1367: # Configure the path to the mutual exclusion semaphore the 1368: # SSL engine uses internally for inter-process synchronization. 1369: #SSLMutex file:/var/run/ssl_mutex 1370: SSLMutex sem 1371: 1372: # Pseudo Random Number Generator (PRNG): 1373: # Configure one or more sources to seed the PRNG of the 1374: # SSL library. The seed data should be of good random quality. 1375: # WARNING! On some platforms /dev/random blocks if not enough entropy 1376: # is available. This means you then cannot use the /dev/random device 1377: # because it would lead to very long connection times (as long as 1378: # it requires to make more entropy available). But usually those 1379: # platforms additionally provide a /dev/urandom device which doesn't 1380: # block. So, if available, use this one instead. Read the mod_ssl User 1381: # Manual for more details. 1382: SSLRandomSeed startup builtin 1383: SSLRandomSeed connect builtin 1384: #SSLRandomSeed startup file:/dev/random 512 1385: #SSLRandomSeed startup file:/dev/urandom 512 1386: #SSLRandomSeed connect file:/dev/random 512 1387: #SSLRandomSeed connect file:/dev/urandom 512 1388: 1389: # Logging: 1390: # The home of the dedicated SSL protocol logfile. Errors are 1391: # additionally duplicated in the general error log file. Put 1392: # this somewhere where it cannot be used for symlink attacks on 1393: # a real server (i.e. somewhere where only root can write). 1394: # Log levels are (ascending order: higher ones include lower ones): 1395: # none, error, warn, info, trace, debug. 1396: SSLLog /var/log/httpd/ssl_engine_log 1397: SSLLogLevel info 1398: 1399: </IfModule> 1400: 1401: <IfDefine SSL> 1402: 1403: ## 1404: ## SSL Virtual Host Context 1405: ## 1406: 1407: <VirtualHost _default_:443> 1408: 1409: # General setup for the virtual host 1410: DocumentRoot "/srv/www/htdocs" 1411: ServerName new.host.name 1412: ServerAdmin you@your.address 1413: ErrorLog /var/log/httpd/error_log 1414: TransferLog /var/log/httpd/access_log 1415: 1416: # SSL Engine Switch: 1417: # Enable/Disable SSL for this virtual host. 1418: SSLEngine on 1419: 1420: # SSL Cipher Suite: 1421: # List the ciphers that the client is permitted to negotiate. 1422: # See the mod_ssl documentation for a complete list. 1423: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL 1424: 1425: # Server Certificate: 1426: # Point SSLCertificateFile at a PEM encoded certificate. If 1427: # the certificate is encrypted, then you will be prompted for a 1428: # pass phrase. Note that a kill -HUP will prompt again. A test 1429: # certificate can be generated with `make certificate' under 1430: # built time. Keep in mind that if you've both a RSA and a DSA 1431: # certificate you can configure both in parallel (to also allow 1432: # the use of DSA ciphers, etc.) 1433: SSLCertificateFile /etc/httpd/ssl.crt/server.crt 1434: #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt 1435: 1436: # Server Private Key: 1437: # If the key is not combined with the certificate, use this 1438: # directive to point at the key file. Keep in mind that if 1439: # you've both a RSA and a DSA private key you can configure 1440: # both in parallel (to also allow the use of DSA ciphers, etc.) 1441: SSLCertificateKeyFile /etc/httpd/ssl.key/server.key 1442: #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key 1443: 1444: # Server Certificate Chain: 1445: # Point SSLCertificateChainFile at a file containing the 1446: # concatenation of PEM encoded CA certificates which form the 1447: # certificate chain for the server certificate. Alternatively 1448: # the referenced file can be the same as SSLCertificateFile 1449: # when the CA certificates are directly appended to the server 1450: # certificate for convinience. 1451: #SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt 1452: 1453: # Certificate Authority (CA): 1454: # Set the CA certificate verification path where to find CA 1455: # certificates for client authentication or alternatively one 1456: # huge file containing all of them (file must be PEM encoded) 1457: # Note: Inside SSLCACertificatePath you need hash symlinks 1458: # to point to the certificate files. Use the provided 1459: # Makefile to update the hash symlinks after changes. 1460: #SSLCACertificatePath /etc/httpd/ssl.crt 1461: #SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt 1462: 1463: # Certificate Revocation Lists (CRL): 1464: # Set the CA revocation path where to find CA CRLs for client 1465: # authentication or alternatively one huge file containing all 1466: # of them (file must be PEM encoded) 1467: # Note: Inside SSLCARevocationPath you need hash symlinks 1468: # to point to the certificate files. Use the provided 1469: # Makefile to update the hash symlinks after changes. 1470: #SSLCARevocationPath /etc/httpd/ssl.crl 1471: #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl 1472: 1473: # Client Authentication (Type): 1474: # Client certificate verification type and depth. Types are 1475: # none, optional, require and optional_no_ca. Depth is a 1476: # number which specifies how deeply to verify the certificate 1477: # issuer chain before deciding the certificate is not valid. 1478: #SSLVerifyClient require 1479: #SSLVerifyDepth 10 1480: 1481: # Access Control: 1482: # With SSLRequire you can do per-directory access control based 1483: # on arbitrary complex boolean expressions containing server 1484: # variable checks and other lookup directives. The syntax is a 1485: # mixture between C and Perl. See the mod_ssl documentation 1486: # for more details. 1487: #<Location /> 1488: #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ 1489: # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ 1490: # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ 1491: # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ 1492: # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ 1493: # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ 1494: #</Location> 1495: 1496: # SSL Engine Options: 1497: # Set various options for the SSL engine. 1498: # o FakeBasicAuth: 1499: # Translate the client X.509 into a Basic Authorisation. This means that 1500: # the standard Auth/DBMAuth methods can be used for access control. The 1501: # user name is the `one line' version of the client's X.509 certificate. 1502: # Note that no password is obtained from the user. Every entry in the user 1503: # file needs this password: `xxj31ZMTZzkVA'. 1504: # o ExportCertData: 1505: # This exports two additional environment variables: SSL_CLIENT_CERT and 1506: # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the 1507: # server (always existing) and the client (only existing when client 1508: # authentication is used). This can be used to import the certificates 1509: # into CGI scripts. 1510: # o StdEnvVars: 1511: # This exports the standard SSL/TLS related `SSL_*' environment variables. 1512: # Per default this exportation is switched off for performance reasons, 1513: # because the extraction step is an expensive operation and is usually 1514: # useless for serving static content. So one usually enables the 1515: # exportation for CGI and SSI requests only. 1516: # o CompatEnvVars: 1517: # This exports obsolete environment variables for backward compatibility 1518: # to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this 1519: # to provide compatibility to existing CGI scripts. 1520: # o StrictRequire: 1521: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even 1522: # under a "Satisfy any" situation, i.e. when it applies access is denied 1523: # and no other module can change it. 1524: # o OptRenegotiate: 1525: # This enables optimized SSL connection renegotiation handling when SSL 1526: # directives are used in per-directory context. 1527: #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire 1528: <Files ~ "\.(cgi|shtml|phtml|php3?)$"> 1529: SSLOptions +StdEnvVars 1530: </Files> 1531: <Directory "/srv/www/cgi-bin"> 1532: SSLOptions +StdEnvVars 1533: </Directory> 1534: 1535: # SSL Protocol Adjustments: 1536: # The safe and default but still SSL/TLS standard compliant shutdown 1537: # approach is that mod_ssl sends the close notify alert but doesn't wait for 1538: # the close notify alert from client. When you need a different shutdown 1539: # approach you can use one of the following variables: 1540: # o ssl-unclean-shutdown: 1541: # This forces an unclean shutdown when the connection is closed, i.e. no 1542: # SSL close notify alert is send or allowed to received. This violates 1543: # the SSL/TLS standard but is needed for some brain-dead browsers. Use 1544: # this when you receive I/O errors because of the standard approach where 1545: # mod_ssl sends the close notify alert. 1546: # o ssl-accurate-shutdown: 1547: # This forces an accurate shutdown when the connection is closed, i.e. a 1548: # SSL close notify alert is send and mod_ssl waits for the close notify 1549: # alert of the client. This is 100% SSL/TLS standard compliant, but in 1550: # practice often causes hanging connections with brain-dead browsers. Use 1551: # this only for browsers where you know that their SSL implementation 1552: # works correctly. 1553: # Notice: Most problems of broken clients are also related to the HTTP 1554: # keep-alive facility, so you usually additionally want to disable 1555: # keep-alive for those clients, too. Use variable "nokeepalive" for this. 1556: # Similarly, one has to force some clients to use HTTP/1.0 to workaround 1557: # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 1558: # "force-response-1.0" for this. 1559: SetEnvIf User-Agent ".*MSIE.*" \ 1560: nokeepalive ssl-unclean-shutdown \ 1561: downgrade-1.0 force-response-1.0 1562: 1563: # Per-Server Logging: 1564: # The home of a custom SSL log file. Use this when you want a 1565: # compact non-error SSL logfile on a virtual host basis. 1566: CustomLog /var/log/httpd/ssl_request_log \ 1567: "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 1568: 1569: </VirtualHost> 1570: 1571: </IfDefine> 1572: 1573: 1574: 1575: # Note: 1576: # 1577: # The file that is included below is generated by SuSEconfig. 1578: # 1579: # In this file, SuSEconfig puts Include statements it finds 1580: # in /etc/httpd/modules/* (lines with "File:..." or "Include:..."). 1581: # If such a module file also contains a "Variable:..." statement, the settings 1582: # in /etc/sysconfig/apache will be honored. 1583: # 1584: # In addition, any files listed in the HTTPD_CONF_INCLUDE_FILES variable 1585: # in /etc/sysconfig/apache will be included here by SuSEconfig. 1586: # This allows you to add e.g. VirtualHost statements without touching 1587: # /etc/httpd/httpd.conf itself, which means that SuSEconfig will continue doing its 1588: # job (since it would not touch httpd.conf any longer as soon it detects changes 1589: # made by the admin via the md5sum mechanism) 1590: 1591: Include /etc/httpd/suse_include.conf 1592: Include /etc/httpd/conf/loncapa_apache.conf 1593: